unwanted download and install
-
sgunhouse Moderator Volunteer last edited by
I'll presume there isn't something else you know about that happens "every three days"? Does it always happen at the same time? (When you start up that day, 10:00 AM, etc.) Opera itself doesn't sound like something malware would install - though as suggested previously someone might include a malware extension - something to steal bank passwords or some such - or some of the fake search engines. Very strange ...
If it always installs at the same time you might try watching for some strange process that runs just before that. Other than that - scan it before you delete it, perhaps? Send a copy of the installer to your AV people for them to examine?
I have to presume whatever installer you get runs unattended - without any dialog that has buttons for Options, Install and Cancel? Presuming you're not an admin account in XP, do you get a UAC dialog (where Windows asks if the program is allowed to make changes to the computer)? Of course XP doesn't show such a dialog if you're an administrator.
-
totrecal last edited by
sgunhouse, yesterday I was checking the history in Vipre, and in the Autopatch section I found a record of Opera installs. Turns out it's not every three days, but every two to four days and not the same time each day. I also found it strange that malware would want to install Opera. My thought was maybe Opera allowed access that my browsers didn't. It looks like Opera is more secure than Chrome or Firefox. So that might not be true.
Right now we're trying to catch this process in the act so I can see what might be running then. This all happens in the background. I'm on Windows Seven. I was pleased to see Seven asks for permission to make changes to the hard drive, but whatever this is doesn't make itself known. At least not while it's running. I have installed Bitmeter, which I've used before when on XP. Since Bitmeter runs constantly, I can see a download even when my browser and email are closed.
I've manually hunted down malware that got on a network I was administering, and had shut down Norton to infect the network. So it was a fairly sophisticated program, but that was years ago. Hackers have gotten a lot more clever, and I've been out of the business for quite a while now. It's been a very long time since I've had anything like this on one of my systems. Kind of scary really. :(
-
blackbird71 last edited by
@totrecal, have you tried using the free analysis tools like Process Explorer from Sysinternals (now part of Microsoft)? It gives a view of what has originated the various running processes. Also TCPview (also from Sysinternals/Microsoft) gives a view of what is in the TCP stack, from whence it originated, and where it might be calling out to.
-
totrecal last edited by
blackbird71, both autorun and Process Explorer have been on my system since I first set it up. I'm going to add TCP view right away. BTW, just for kicks I installed Opera 23 last night. Malware tried loading again this morning, but this time I got a box asking did I want this upgrade and I declined. Doesn't solve the problem, but at least I got the little bug to talk to me. It's actually tried twice this morning. I rejected it both times. First time it tried this morning I had no other programs running. All I could see on task manager that was not there last night was an upgrade.exe and an install.exe. I'm going to use the sysinternals stuff to see what I can monitor when it shows up again.
I've been running Process Explorer on previous systems, but never could find out what the colors were about. Do you know?
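
An added example, not part of any post in this thread: a Windows PowerShell watcher that logs each new process together with its parent, one way to catch what launches the `upgrade.exe` and `install.exe` mentioned above when nobody is watching Process Explorer. The log path and source identifier are assumptions; it relies only on `Register-WmiEvent` and `Get-WmiObject`, which exist in the Windows PowerShell that ships with Windows 7.

```powershell
# Added example (not from the thread): log every process start with its parent.
# Run in a Windows PowerShell window and leave it open; stop with Ctrl+C.
$logPath  = Join-Path $env:USERPROFILE 'process-starts.log'   # assumed location
$sourceId = 'ProcStartWatch'                                  # arbitrary label

# Poll WMI every 2 seconds for newly created Win32_Process instances.
# A process that starts and exits between two polls can be missed.
$query = "SELECT * FROM __InstanceCreationEvent WITHIN 2 " +
         "WHERE TargetInstance ISA 'Win32_Process'"

# Clear a subscription left over from an earlier run, then subscribe.
Unregister-Event -SourceIdentifier $sourceId -ErrorAction SilentlyContinue
Register-WmiEvent -Query $query -SourceIdentifier $sourceId

try {
    while ($true) {
        $evt  = Wait-Event -SourceIdentifier $sourceId
        $proc = $evt.SourceEventArgs.NewEvent.TargetInstance
        Remove-Event -EventIdentifier $evt.EventIdentifier

        # Look up the parent by PID; it may already have exited.
        $parent = Get-WmiObject Win32_Process -Filter "ProcessId = $($proc.ParentProcessId)"
        $parentName = '(exited)'
        $parentPath = ''
        # PIDs are reused, so only trust a parent that started before the child.
        # CreationDate is a DMTF timestamp string, which sorts chronologically.
        if ($parent -and $parent.CreationDate -le $proc.CreationDate) {
            $parentName = $parent.Name
            $parentPath = $parent.ExecutablePath
        }

        # ExecutablePath and CommandLine can be empty without admin rights.
        $line = '{0}  {1} (PID {2})  path="{3}"  cmd="{4}"  parent={5} (PID {6}) "{7}"' -f
            (Get-Date -Format s), $proc.Name, $proc.ProcessId, $proc.ExecutablePath,
            $proc.CommandLine, $parentName, $proc.ParentProcessId, $parentPath
        Add-Content -Path $logPath -Value $line
    }
}
finally {
    # Always remove the WMI subscription, including on Ctrl+C.
    Unregister-Event -SourceIdentifier $sourceId -ErrorAction SilentlyContinue
}
```

After the next unwanted install, search the log for the installer's name and read the `parent=` field on that line to see which program started it.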
-
A Former User last edited by
Options>Configure Colors will tell you what the colours represent and of course allow you to change them if you want to.
-
totrecal last edited by
I would like to thank everyone that's been offering suggestions here. I believe I may have solved the problem. It seems Vipre may have been the culprit. They have a security "patch" on a bunch of internet programs that includes the major browsers. I'm not sure why, but it was forcing an upgrade and install of Opera. Just ran a fix that included their patch on browsers I use and got the same results I was getting before. I'll be waiting a few days to see if this is the fix, but it sure looks like it.
Thanks to a number of you I now have more security on the system, and a few more tools to work with. This is one of the better forums I've had the pleasure of commenting on. I think I'll be back.
-
A Former User last edited by
Thanks, I do hope it's now sorted!
Quite why Vipre should still be forcing an update of Opera on you when you now have the latest version installed is a bit of a mystery though!
-
blackbird71 last edited by
Apparently, Vipre has an Auto Patch Software Update tool that is supposed to automatically manage the updating of a bunch of "popular applications"... I was not aware of this feature before. From the sound of things, it appears that either something in it is not performing correctly on @totrecal's particular system or the patch software has a bug in it.
-
lovpdx last edited by
@totrecal, have you or anyone found a solution to this problem? I am having the exact same problem. I stumbled on this forum surfing for answers. I can keep up with most of what's being discussed here but I am not particularly tech savvy. I am also using Vipre anti-virus and have experienced the same Opera program loading itself over and over again, after repeatedly uninstalling the program. It also seems to be interfering with other systems on my laptop as I am having computer freezes and lock-ups that I have never had before, along with my mouse/touchpad not working intermittently. I know the latter is a software problem as every time I restart the computer the problem is temporarily resolved. Similarly, I have never actually opened the Opera program for the same reason that I am terrified to open something that I did not ask for or even ever permit. I am scared to use my only computer to check my bank statements or anything like that, and haven't been able to do so for months now. Any help at all will be very much appreciated as I am at a total loss for where to go from here. Thanks everyone for all the info already given.
-
totrecal last edited by
lovpdx, let me start by saying I think Vipre is good stuff. I prefer not to use more popular antivirus, since hackers look to attack that software first. As past manager of a small office network, I had malware just walk past Norton. So it seems our problem is actually the fault of Vipre. Minor fault - big headache.
Here's what fixed my problem: Open Vipre and click on "manage". Then click the "check for patches" button. Eventually you should get a list of updates. One of those should be Opera. You should be offered a choice to "hide" Opera. Mine's fixed now so I can't give you the exact directions for the "hide". Once you see the update list it should be pretty simple. Contact me again, if you have trouble; and tell me what you see when you have the update list.
I'm afraid the Vipre tech support might not be too helpful. I had to lead them to this problem. Since my experience, they may have caught up to the fix. The fix they gave me didn't work. Had to make up my own.
As I mentioned before in this thread, Vipre attempts to update browsers to prevent intrusions. It appears on some of our systems they update and install browsers we're not using.
The Opera that gets installed on your system shouldn't be harmful. You can just use Windows uninstall to get rid of it. This little episode has made me interested in Opera as one of my browsers. Now that things have settled down on my system, I plan on installing the latest Opera version. Good luck, lovpdx.
-
totrecal last edited by
lovpdx, just checked my history on the Opera situation. Here's what I have as the last step to "hide" the Opera install: (7. Once the scan completes, right click the offending updates and click 'Hide'. The updates will be hidden from view in subsequent updates.) Apparently "hide" in Vipre language means stopping the update.
-
lovpdx last edited by
totrecal, I have followed the path you laid out and my laptop has been clean of Opera long enough to say it worked! It wasn't that difficult to fix once some light was shed onto this, but before I never even suspected the one program designed to keep this from happening. That said, I agree that Vipre is a great anti-virus and have had no other problems or breaches, but I guess nothing's perfect. This is the first I have heard of Opera and suppose I should let them off the hook as well; I suspected malware/virus the entire time. Thank you, my friend.
-
redit0 last edited by
Thank you for the insights into this problem with an unwanted Opera installation. I followed the advice concerning Vipre possibly adding it while installing a patch. I have followed your advice and did the 'hide' and hope it works. Hate the thought of a program installing programs during normal protective routines. I recently had a Windows update actually remove my Vipre program and then had to have it reinstalled, once I made sure (at least I hope I did) it was not due to an infection. Thank you again for all the helpful information here.
-
totrecal last edited by
redit0, since fixing my Opera/Vipre problem, I decided I didn't need Vipre to do any updates. The programs it updated were already updating themselves. So I've disabled that function in Vipre.
-
redit0 last edited by
Thanks, wish I knew as much as you folks do. Appreciate you sharing all the insights, helps tremendously.
-
lando242 last edited by
Yandex is not a program, it is a website. It's like saying how do I remove HBO from my TV.